aarch64: Clear canary value after stack_protect_test [PR96191]
author Richard Sandiford <richard.sandiford@arm.com>
Wed, 5 Aug 2020 14:18:36 +0000 (15:18 +0100)
committer Richard Sandiford <richard.sandiford@arm.com>
Wed, 5 Aug 2020 14:18:36 +0000 (15:18 +0100)
commit fe1a26429038d7cd17abc53f96a6f3e2639b605f
tree e37f7d8a433b1c8f5113745d5098845be27d223d
parent 2c272091c09298eea02b6bb3b3ffd95db9ea505b
aarch64: Clear canary value after stack_protect_test [PR96191]

The stack_protect_test patterns were leaving the canary value in the
temporary register, meaning that it was often still in registers on
return from the function.  An attacker might therefore have been
able to use it to defeat stack-smash protection for a later function.

gcc/
PR target/96191
* config/aarch64/aarch64.md (stack_protect_test_<mode>): Set the
CC register directly, instead of a GPR.  Replace the original GPR
destination with an extra scratch register.  Zero out operand 3
after use.
(stack_protect_test): Update accordingly.

gcc/testsuite/
PR target/96191
* gcc.target/aarch64/stack-protector-1.c: New test.
* gcc.target/aarch64/stack-protector-2.c: Likewise.
gcc/config/aarch64/aarch64.md
gcc/testsuite/gcc.target/aarch64/stack-protector-1.c [new file with mode: 0644]
gcc/testsuite/gcc.target/aarch64/stack-protector-2.c [new file with mode: 0644]
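
An added example, not part of the commit or of GCC's testsuite: a small Python checker for the leak described in the commit message, which walks a straight-line AArch64 listing and reports registers that may still hold the canary at `ret`. Both listings are constructed for illustration (not output from a real build), and treating any overwrite of a register as clearing it is a simplifying assumption.

```python
import re

GUARD = "__stack_chk_guard"
NO_WRITE = {"cmp", "tst", "cbz", "cbnz", "tbz", "tbnz", "b", "bl"}

# Constructed AArch64 listings (assumed shapes, not output from a real GCC build).
COMMON = """\
adrp x0, __stack_chk_guard
add x0, x0, :lo12:__stack_chk_guard
ldr x1, [x0]
str x1, [sp, 40]
mov x1, 0
// ... function body ...
adrp x0, __stack_chk_guard
add x0, x0, :lo12:__stack_chk_guard
ldr x1, [sp, 40]
ldr x2, [x0]
"""
UNPATCHED = COMMON + "eor x2, x1, x2\ncbnz x2, .Lfail\nret\n"
PATCHED = COMMON + "subs x1, x1, x2\nmov x2, 0\nb.ne .Lfail\nret\n"

def reg(tok):
    m = re.fullmatch(r"[xw](\d+)", tok.strip())
    return "x" + m.group(1) if m else None

def leaked_canary_regs(asm):
    """Registers that may still hold the canary at the first `ret`."""
    addr, val, slots = set(), set(), set()  # guard-address regs, canary regs, canary slots
    for raw in asm.splitlines():
        parts = raw.split("//")[0].split(None, 1)
        if not parts or parts[0].endswith(":"):
            continue
        op, rest = parts[0], parts[1] if len(parts) > 1 else ""
        if op == "ret":
            break
        if op in NO_WRITE or op.startswith("b."):
            continue
        ops = rest.split(",")
        dest, src = reg(ops[0]), reg(ops[-1])
        mem = re.search(r"\[([^\]]*)\]", rest)
        slot = mem.group(1).replace(" ", "") if mem else None
        if op == "str":  # spilling a canary register marks the stack slot
            if dest in val:
                slots.add(slot)
            continue
        if dest is None:
            continue
        loads = op == "ldr" and mem and (reg(slot.split(",")[0]) in addr or slot in slots)
        copies = op == "mov" and src in val
        is_addr = GUARD in rest
        addr.discard(dest)  # any overwrite clears the old contents (assumption)
        val.discard(dest)
        if loads or copies:
            val.add(dest)
        elif is_addr:
            addr.add(dest)
    return val
```

On the constructed listings, the first leaves `x1` holding the canary at `ret`, while the second, which zeroes the scratch register after the compare, leaves none.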